North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: short Botnet list and Cashing in on DoS

  • From: James Baldwin
  • Date: Sun Oct 10 15:08:56 2004

Pardon for my possibly ill informed interjection. I was under the impression that the current wind was blowing towards filtering outbound port 25 traffic while allowing outbound authenticated port 587 traffic? The though being that while this was not a FUSSP, it help to prevent unauthenticated "direct to mx" abuses.

On 10 Oct 2004, at 03:24, Mark Andrews wrote:
In the US there is even more insentive to bypass the ISP's servers. Look are the way they have interpreted the wire tap laws.
This would allow customers to access remote mail servers to avoid ISPs who agree with the (mis)interpretation of the wire tap laws.

On 9 Oct 2004, at 23:40, Alexei Roudnev wrote:
Because I am running my own SMTP server @ FreeBSD, for example. It is MY concern, not ISP concern.
Customers (mis)use of their connection is always the ISPs concern. If you are paying a premium for a Pure Pipe (tm), then yes, the way your server functions is your concern, however, since your actions directly influence how other networks accept or deny mail from your ISP as a whole it is very much their concern how you use your connection.

On 9 Oct 2004, at 15:45, Paul Vixie wrote:
blocking port 25 will make legitimate smtp permanently hard to use, while making non-
legitimate smtp temporarily hard to use.
I disagree, it will temporarily cause many, many people to have broken implementations and temporarily increase load tremendously on call centers. Working for an ISP that does port 25 filtering has not negatively impacted our users ability to use SMTP in any permanent fashion.

I don't under estimate the ability of software vendors and ISPs to roll out new requirements for SMTP to customers in a relatively painless fashion. Our ISP is currently making the transition from SMTP to Authenticated SMTP (we will be discontinuing the former) and I would see implementing port 25 blocking in much the same light with regards to implementation cost and the increased difficulty of using SMTP legitimately.

I agree that BCP 38 should be implemented. I agree that BCP 38 will have a greater affect on network abuse than port 25 filtering. They both have their place and address to partially overlapping groups of abuse imho.